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DETAILED ACTION 

1 . This communication is in response to amendment under 37 CFR 1.111, filed on 
5/7/2008. Claims 1-3, 5-6, 8-22, 26-30, 32-33, 35-41, 44-47 have been amended, claim 
49 has been added. Claims 1-49 remain pending. 

2. Examiner noted that claims 21 and 44 are labeled "Currently Amended" and are 
indicated in the applicant's remark (page 2) as amended, however the applicant is 
reminded with 37 CFR 1.121 (c) (2) that requires the text to be underlined (if added) and 
strike-through (if deleted). 

Response to Arguments 

3. Applicant's arguments filed May 7 th , 2008 have been fully considered but they are 
not persuasive. Applicant argues (page 19 of the remarks) that Shaw fails to disclose or 
suggest at least the feature of "a proxy device for receiving a request for network 
services by at least one remote network device and performing a security integrity 
scanning operation on the requesting remote network device, wherein the scan is 
performed at least before the remote device signs on to the gateway device". The 
examiner respectfully disagrees. Shaw discloses throughout the specification various 
embodiments that allow the client to connect to the network via proxy device such as 
scanning for viruses before or after logging in. In one embodiment, Shaw teaches in fig 
5, col 4 lines 50-64 and fig 7 col 6 lines 33-47 that the client has an agent and in 
another embodiment has its own virus scanner that scans before the device/client 
connects to the proxy device. Also claim 18 (for example) scans the client attempting to 
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connect to a network (before signing on to the proxy) and denying access to the 
network if the scan fails. 

Claim Rejections - 35 USC § 102 

The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

4. Claims 1 -5, 8-1 5,19,21, 22-26, 29, 31 , 32, 34, 35-38, 42-44, 46 and 48-49 are 
rejected under 35 U.S.C. 102(e) as being anticipated by Shaw, U.S. Patent No. 
7,058,970. 

5. As per claims 1 , 10-1 1 and 49: 

Shaw discloses an apparatus comprising: 

a proxy configured to receive a request for network services by at least one 
remote network device and to perform a security integrity scanning operation on the 
requesting remote network device, wherein the security scanning operation is 
performed at least before the remote network device signs on to the proxy (fig 5, col 4 
lines 50-64 and fig 7 col 6 lines 33-47); and an authorization processing unit and access 
control rules unit configured to determine if the remote network device is authorized to 
access the requested network services based on the results of the security scanning 
operation (col 4 lines 50-64 and fig 7 col 6 lines 33-61). 

6. As per claims 2, 1 2, 23 and 36: 

Shaw discloses a proxy device making integrity security decisions regarding 
access to network services by a remote network device on a request-by-request basis 
(6:48-61). 
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7. As per claims 3, 1 3, 24, 37 and 42 

Shaw discloses an access rules controller that includes a plurality of variables 
used to generate a set of security properties for each remote network device (6:1-9, 
8:19-30). 

8. As per claims 4, 14, 25 and 43: 

Shaw discloses a set of security properties that may be different for each remote 
network device that accesses and requests service through the network (7:42-8:30). 

9. As per claims 5, 1 5, 26 and 39: 

Shaw discloses a device that uses at least one script to select of the type of 
scanning operations to be performed for each remote network device accessing the 
network (6:62-7:15). 

1 0. As per claims 8, 1 9, 29, 31 , 32, 38, 44 and 46: 

Shaw discloses the authorization processor referring to a series of variable 
values in the access control rule unit to determine if a remote network device is 
authorized to access the requested network service (6:1-61). 

11. As per claim 9: 

Shaw discloses a system comprising: 

at least one remote network device configured to access a network via a network 
connection to make a request for one or more network resident services; a gateway 
configured to receive the request for services and perform a security integrity scanning 
operation on the remote network device prior to allowing access to the requested 
network services (2:62-3:12), wherein the security scanning operation is performed at 
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least before the remote network device signs on to the gateway device (fig 5, col 4 lines 
50-64 and fig 7 col 6 lines 33-47); an authentication server that verifies user 
authentication credentials of users of remote network devices that access the network; 
and at least one network server that provides requested network services to at least one 
remote network device accessing the network through the gateway device (6:48-7:15). 

12. As per claims 21, 34, 48: 

Shaw discloses an apparatus wherein the remote network device is a personal 
computer (abstract). 

13. As per claim 22: 

Shaw discloses a method comprising: 

performing scanning process and reporting result used in scanning script 
includes at least one variable defined to be used as a vehicle to convey results of a 
scanning process, performing at least one scanning operation on the remote network 
device to verify the security integrity of the remote device, wherein the scanning 
operation is performed at least before the remote device signs on to a gateway device 
which is configured to perform the at last one scanning operation (fig 5, col 4 lines 50-64 
and fig 7 col 6 lines 33-47); and providing the results of the scanning operation for 
purposes of determining whether or not the remote network device is authorized to 
access the requested network services (4:50-5:3, 6:48-51). 

14. As per clam 35: 

Shaw discloses a method comprising the steps of: 
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defining at least one access control policy for accessing network services 
wherein the access control policy depends, at least in part, on the results of an integrity 
scan performed on a remote network device; specifying what scan scripts are to used 
under what conditions to the remote network device; receiving at least one result of an 
integrity scan from the remote network device at a gateway device, wherein the integrity 
scan is performed at least before the remote device signs on to the gateway device (fig 
5, col 4 lines 50-64 and fig 7 col 6 lines 33-47); and regulating access by the remote 
network device to network services via the gateway device based, at least in part, on 
the results of the integrity scan (6:48-61, 7:42-8:30). 



Claim Rejections - 35 USC § 103 

1 5. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

16. Claims 6, 7, 16, 17, 18, 27, 28, 30, 40, 41 and 45 rejected under 35 U.S.C. 
103(a) as being unpatentable over Shaw in view of Ji et al. (Ji), U.S. Patent No. 
6,728,886. 

17. As per claims 6, 7, 16, 17, 27, 28, 40 and 41 : 

Shaw fails to teach a signed applet, executing the script, allowed to access the 
remote network device for the purposes of executing programs as well as searching and 
reading specific data files that reside on the remote network device. However, Ji 
discloses a method wherein a signed Java applet is used to execute scripts in a similar 
endeavor (6:22-45, 7:33-34). 
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It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to utilize a signed java applet in order to ensure the integrity of the 
computer creating a local virus scanning engine on the remote host computer which 
would make the entire system more secure and prevent the spread of viruses. 

18. Claims 6, 7, 16, 17, 18, 27, 28, 30, 40, 41 and 45 rejected under 35 U.S.C. 
103(a) as being unpatentable over Shaw in view of Hiltgen, U.S. PG-PUB 
2003/0177392. 

1 9. As per claims 18, 30, 45: 

Shaw fails to teach the use of SSL to protect data communicated between the 
remote device and the gateway device. 

20. As per claims 20, 33, 47: 

Shaw fails to teach networks used for establishing communication between said 
remote device and said gateway using WAP. 

It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to utilize SSL and WAP in order to improve security of 
communications and to allow for communications to occur over a wireless network 
allowing for more flexibility and portability. 
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Conclusion 

21 . THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

22. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to HADI ARMOUCHE whose telephone number is 
(571)270-3618. The examiner can normally be reached on M-Th 7:30-5:00 and Fridays 
half day. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/H. A./ 

HADI ARMOUCHE 
Examiner, Art Unit 2132 

/Gilberto Barron Jr/ 

Supervisory Patent Examiner, Art Unit 2132 



